I have some scripts that need to send mail from the command line. While mail works out of the box, it will not work if your ISP blocks port 25, or if your ISP's network address range is on a blacklist. You could use Mail.app and AppleScript, but that requires that the user in question be logged in, and may not work for scripts run by root.

This solution configures postfix, the service used by mail and sendmail, to relay messages through a third-party server (ideally your ISP), optionally using authentication and TLS. You'll need to be root to create/edit the files and run the commands. So, without further delay, enjoy.

This second test form specifies the "from" address as you, but can be changed to anything you want as long as it passes muster with your provider's server. You can now check the logs:

tail /var/log/mail.log

Or, if you're crafty, you'll open a second Terminal window, and before running the tests in the first window, do:

tail -f /var/log/mail.log

Here are some notes about options that you see in the content above:

The *_security_options settings allow postfix to use plain text passwords during authentication (albeit over TLS).

The MUST_NOPEERMATCH in the smtp_tls_sites file ignores certificate mismatches when negotiating TLS. This, overall, is not a good idea, but I didn't have time to play with it yet and configure the CA. Other options are NONE, MAY, and MUST, but some will require configuration of the CA so that a trust can be established with the server. This, I believe, is configured with smtp_tls_CAfile. When I get it working, I may post an update.

The chmod go-rx smtp_sasl_passwords removes the group and other/world read/execute permissions on the password files. Only the root user should be able to read it.

That is all. I pieced this information together from lots of useless searches and several useful how-to's and postings. I make no guarantees, but I hope it helps someone.

I tried this with two authenticated accounts I have and I got an error in both cases:status=deferred (host asmtp.myisp.com said: 454 5.7.3 Client does not have permission to Send As this sender. (in reply to end of DATA command))
I tried both tests and both gave the above error, so I don't know what went wrong.

Thanks, this works great! Only problem is the sender field appear as "Machine Username <email@domain.com>", not "Full Name <email@domain.com>". Does anyone know how to change this? The only way I could find to customize the display name was to change my user account name in System Preferences :/

If you want the verification process to work, you'll need to provide valid certificate authority (CA) certificates to OpenSSL via postfix. For some reason, my computer did not have the default OpenSSL root CA certificates installed. So, I decided to import them from the system root CA keychain.